Rajendra,
I've used the following code in my .jsp page:
<%
if ((request.getHeader("referer")=="") || (request.getHeader("referer")==null)) {
%>
<jsp:forward page="../jsp/logoff.jsp"/>
<%
}
%>
If the user tries to manipulate the URL in the address bar, "referer" becomes null.
It works..but not sure how reliable is this!
Sriram
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:09 PM
To: Struts Users Mailing List
Subject: Re: Disallow user to modify URL in browser address bar
If the user is allowed to view the page, then no problem. If he is not.. then you
should have some sessionid authentication and user role and privilige authentication
in every page.
I think that's the only way of preventing a user to go to a restricted page.
thanks
-raj
sriram
<[EMAIL PROTECTED] To: "'Struts Users Mailing
List'" <[EMAIL PROTECTED]>
h.com> cc:
Subject: Disallow user to modify URL
in browser address bar
22/08/2003 11:45
AM
Please respond to
"Struts Users
Mailing List"
How to identify if user has manipulated the URL in Address Bar of the browser?
For ex., the application displays a page with the following URL:
http://localhost:8080/app/str/testview_srchpost.do
Now, the user modifies the URL in the address bard. Instead of testview_srchpost.do,
user types testtwoview_srchpost.do and clicks ENTER.
I want to restrict such types of URL modification Struts application. I should take
the user to a default access denied page when ever user does such changes.
How to identify this action of the user? Pl. give some ideas.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
